Infected Firefox

  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Those disgusting redirectors, pop-ups and the rest keep showing up. I tried to remove them myself with MBAM and ADWCleaner, but without success :(

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Sale (administrator) on SALE-PC (24-03-2018 21:58:52)
Running from C:\Users\Sale\Desktop
Loaded Profiles: Sale (Available Profiles: Sale)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Link visible only to logged-in users]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2623900519-3301226672-1341085607-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2018-03-07]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0424FF70-120F-4C97-8D19-C3954930CE44}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBDD4AC8-341F-4337-A7AB-5E484CFF931E}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
HKU\S-1-5-21-2623900519-3301226672-1341085607-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [Link visible only to logged-in users]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2623900519-3301226672-1341085607-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} - No File
Toolbar: HKU\S-1-5-21-2623900519-3301226672-1341085607-1000 -> No Name - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227 [2018-03-24]
FF user.js: detected! => C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\user.js [2017-06-30]
FF Homepage: Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227 -> [Link visible only to logged-in users]
FF Extension: (System Table) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\622127@modext.tech.xpi [2018-02-27]
FF Extension: (Simple Translate) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\simple-translate@sienori.xpi [2018-03-19]
FF Extension: (Adblock Plus) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-14]
FF Extension: (TLS 1.3 gradual roll-out) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\features\{8abcd0bb-6e30-4093-b107-e66b9bc3a531}\tls13-rollout-bug1442042@mozilla.org.xpi [2018-03-21] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_29_0_0_113.dll [2018-03-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-13] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - [Link visible only to logged-in users]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - [Link visible only to logged-in users]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [97824 2017-11-13] (Freemake)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2017-01-13] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 cryptfd; C:\Windows\System32\drivers\cryptfd.sys [193448 2017-03-03] ()
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] ()
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-24] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-24] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [188992 2016-02-10] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1087616 2014-09-19] (Vimicro Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-24 21:58 - 2018-03-24 22:00 - 000010452 _____ C:\Users\Sale\Desktop\FRST.txt
2018-03-24 21:58 - 2018-03-24 21:58 - 000000000 ____D C:\FRST
2018-03-24 21:57 - 2018-03-24 21:57 - 002403328 _____ (Farbar) C:\Users\Sale\Desktop\FRST64.exe
2018-03-24 21:48 - 2018-03-24 21:48 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-24 21:47 - 2018-03-24 21:48 - 000827872 _____ C:\Windows\system32\FNTCACHE.DAT
2018-03-24 21:38 - 2018-03-24 21:45 - 000000000 ____D C:\AdwCleaner
2018-03-24 21:37 - 2018-03-24 21:37 - 008222496 _____ (Malwarebytes) C:\Users\Sale\Desktop\AdwCleaner.exe
2018-03-23 11:53 - 2018-03-24 21:48 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-23 11:53 - 2018-03-24 21:48 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-23 11:53 - 2018-03-23 11:53 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-23 11:53 - 2018-03-23 11:53 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-23 11:52 - 2018-03-23 11:52 - 000001088 _____ C:\Users\Sale\Desktop\Play Warframe.lnk
2018-03-22 21:42 - 2018-03-22 21:47 - 000000000 ____D C:\Users\Sale\Desktop\New folder
2018-03-20 18:08 - 2018-03-20 18:09 - 000008704 ___SH C:\Users\Sale\Thumbs.db
2018-03-20 17:35 - 2018-03-20 17:35 - 000000000 ____D C:\Users\Public\Documents\Avanquest Software
2018-03-20 17:30 - 2018-03-20 18:02 - 000000000 ____D C:\Users\Sale\AppData\Local\Avanquest
2018-03-20 17:30 - 2018-03-20 17:30 - 000000000 ____D C:\Users\Sale\AppData\Roaming\Avanquest Software
2018-03-20 17:21 - 2018-03-24 15:41 - 000000000 ____D C:\Users\Sale\AppData\Roaming\uTorrent
2018-03-20 17:21 - 2018-03-23 13:24 - 000000000 ____D C:\Program Files (x86)\uTorrent
2018-03-19 19:55 - 2018-03-19 19:55 - 000194352 _____ C:\Users\Sale\Desktop\4827018.0116.8-1za-objavljivanje.pdf
2018-03-19 18:42 - 2018-03-20 18:07 - 000000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2018-03-19 18:42 - 2018-03-20 18:07 - 000000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2018-03-19 18:42 - 2018-03-19 18:42 - 000000000 ____D C:\Users\Sale\AppData\Local\LogMeIn
2018-03-19 18:42 - 2017-06-29 12:31 - 000035648 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2018-03-19 18:34 - 2018-03-19 18:34 - 004500393 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating(000038.101-000104.100)(000004.341-000028.960).mp4
2018-03-19 18:32 - 2018-03-19 18:32 - 007237534 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating(000010.373-000031.562).mp4
2018-03-19 18:32 - 2018-03-19 18:32 - 004500417 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating(000038.101-000104.100).mp4
2018-03-19 18:32 - 2018-03-19 18:32 - 002702634 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating(000121.986-000128.811).mp4
2018-03-19 18:32 - 2018-03-19 18:32 - 002249980 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating(000107.920-000113.720).mp4
2018-03-19 18:10 - 2018-03-19 18:10 - 000000916 _____ C:\Users\Public\Desktop\Age of Empires II HD Edition.lnk
2018-03-19 18:10 - 2018-03-19 18:10 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-03-19 17:41 - 2018-03-19 17:41 - 000000000 ____D C:\Users\Sale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2018-03-19 17:22 - 2018-03-19 17:22 - 000000000 ____D C:\Program Files (x86)\ThunderSoft
2018-03-19 15:41 - 2018-03-19 15:41 - 020783772 _____ C:\Users\Sale\Desktop\Virgin queen bee fly to mate with drone_ bees mating_young virgin queen bee mating.mp4
2018-03-18 13:55 - 2018-03-18 13:58 - 000000000 ____D C:\Users\Sale\Desktop\wetransfer-fb7f9c
2018-03-18 13:55 - 2018-03-18 13:57 - 000000000 ____D C:\Users\Sale\Desktop\wetransfer-1b15a8
2018-03-18 13:38 - 2018-03-18 13:42 - 000000000 ____D C:\Users\Sale\Desktop\wetransfer-e981b4
2018-03-14 08:03 - 2018-03-09 04:39 - 005580992 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-03-14 08:03 - 2018-03-09 04:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-03-14 08:03 - 2018-03-09 04:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-03-14 08:03 - 2018-03-09 04:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-03-14 08:03 - 2018-03-09 04:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-03-14 08:03 - 2018-03-09 04:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-03-14 08:03 - 2018-03-09 04:14 - 004044992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-03-14 08:03 - 2018-03-09 04:14 - 004025536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-03-14 08:03 - 2018-03-09 04:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 04:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-03-14 08:03 - 2018-03-09 03:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-03-14 08:03 - 2018-03-09 03:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-03-14 08:03 - 2018-03-09 03:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-03-14 08:03 - 2018-03-09 03:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-03-14 08:03 - 2018-03-09 03:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-03-14 08:03 - 2018-03-09 03:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-03-14 08:03 - 2018-03-09 03:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-03-14 08:03 - 2018-03-09 03:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-03-14 08:03 - 2018-03-09 03:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-03-14 08:03 - 2018-03-09 03:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-03-14 08:03 - 2018-03-09 03:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-03-14 08:03 - 2018-03-09 03:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-03-14 08:03 - 2018-03-09 03:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-03-14 08:03 - 2018-03-09 03:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-03-14 08:03 - 2018-03-09 03:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-14 08:03 - 2018-03-09 03:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-03-14 08:03 - 2018-03-09 03:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-03-14 08:03 - 2018-03-09 03:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-14 08:03 - 2018-03-09 03:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-14 08:03 - 2018-03-01 09:36 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-03-14 08:03 - 2018-02-22 04:28 - 000217600 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-03-14 08:03 - 2018-02-22 04:06 - 000134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2018-03-14 08:03 - 2018-02-18 22:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-03-14 08:03 - 2018-02-10 19:35 - 000367296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000334528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000185024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000122560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS
2018-03-14 08:03 - 2018-02-10 19:35 - 000068288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000064192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS
2018-03-14 08:03 - 2018-02-10 19:35 - 000063168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000060608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000036032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000031936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000023744 _____ (Microsoft Corporation) C:\Windows\system32\streamci.dll
2018-03-14 08:03 - 2018-02-10 19:35 - 000020160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000015040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys
2018-03-14 08:03 - 2018-02-10 19:35 - 000012096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys
2018-03-14 08:03 - 2018-02-10 19:23 - 002292224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2018-03-14 08:03 - 2018-02-10 19:23 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2018-03-14 08:03 - 2018-02-10 19:23 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\racpldlg.dll
2018-03-14 08:03 - 2018-02-10 19:11 - 003665920 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2018-03-14 08:03 - 2018-02-10 19:11 - 000369664 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2018-03-14 08:03 - 2018-02-10 19:11 - 000133120 _____ (Microsoft Corporation) C:\Windows\system32\msrahc.dll
2018-03-14 08:03 - 2018-02-10 19:11 - 000119296 _____ (Microsoft Corporation) C:\Windows\system32\racpldlg.dll
2018-03-14 08:03 - 2018-02-10 18:36 - 000108032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msra.exe
2018-03-14 08:03 - 2018-02-10 18:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdchange.exe
2018-03-14 08:03 - 2018-02-10 18:36 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsraLegacy.tlb
2018-03-14 08:03 - 2018-02-10 18:26 - 000653312 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2018-03-14 08:03 - 2018-02-10 18:26 - 000051712 _____ (Microsoft Corporation) C:\Windows\system32\sdchange.exe
2018-03-14 08:03 - 2018-02-10 18:25 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys
2018-03-14 08:03 - 2018-02-10 18:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys
2018-03-14 08:03 - 2018-02-10 18:25 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\MsraLegacy.tlb
2018-03-14 08:03 - 2018-02-02 19:40 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-03-14 08:03 - 2018-02-02 19:29 - 002365952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-03-14 08:03 - 2018-02-02 19:29 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-03-14 08:03 - 2018-02-02 19:29 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-03-14 08:03 - 2018-02-02 19:28 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-03-14 08:03 - 2018-02-02 19:16 - 003246080 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-03-14 08:03 - 2018-02-02 19:16 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-03-14 08:03 - 2018-02-02 19:16 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-03-14 08:03 - 2018-02-02 19:14 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-03-14 08:03 - 2018-02-02 19:14 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-03-14 08:03 - 2018-02-02 18:46 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-03-14 08:03 - 2018-02-02 18:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-03-14 08:03 - 2018-01-15 20:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-03-14 08:03 - 2018-01-15 20:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-03-14 08:03 - 2018-01-12 17:40 - 000407040 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2018-03-14 08:03 - 2018-01-12 17:26 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2018-03-14 07:52 - 2018-02-13 19:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-03-14 07:52 - 2018-02-13 19:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-03-14 07:52 - 2018-02-13 15:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-03-14 07:52 - 2018-02-13 15:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-03-13 20:07 - 2018-03-13 20:07 - 000004458 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-03-12 00:18 - 2018-03-19 18:22 - 000000261 _____ C:\DelFix.txt
2018-03-09 14:12 - 2018-03-09 14:12 - 000000000 ____D C:\Users\Sale\AppData\Local\IsolatedStorage
2018-03-07 13:38 - 2018-03-07 13:39 - 000000000 ____D C:\Program Files (x86)\WinHTTrack
2018-03-06 13:38 - 2018-03-06 13:38 - 000000000 ____D C:\Users\Sale\Documents\paint.net User Files
2018-02-22 23:27 - 2018-03-08 22:33 - 000000000 ____D C:\Program Files (x86)\CDisplay

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-24 21:56 - 2009-07-14 05:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-24 21:56 - 2009-07-14 05:45 - 000031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-24 21:55 - 2017-01-12 21:30 - 000000000 ____D C:\Users\Sale\Documents\Outlook Files
2018-03-24 21:53 - 2017-01-12 19:18 - 000000266 _____ C:\Windows\Tasks\AutoKMS.job
2018-03-24 21:49 - 2017-01-11 22:13 - 000000000 ____D C:\Users\Sale\AppData\LocalLow\Mozilla
2018-03-24 21:47 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-24 21:27 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-03-24 19:40 - 2009-07-14 06:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-20 18:08 - 2017-01-11 21:58 - 000000000 ____D C:\Users\Sale
2018-03-20 18:02 - 2017-01-12 18:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-20 10:29 - 2017-09-14 10:43 - 000000000 ____D C:\Users\Sale\Documents\LogoDesignStudio Pro
2018-03-19 18:47 - 2009-07-14 04:20 - 000000000 __RHD C:\Users\Public\Libraries
2018-03-19 18:25 - 2017-01-12 17:13 - 000000000 ___RD C:\Users\Sale\Desktop\Graficki programi
2018-03-19 18:23 - 2017-01-25 10:15 - 000000000 ____D C:\Users\Sale\Desktop\Slike za logo i projekti
2018-03-19 18:21 - 2017-01-14 22:11 - 000000000 ___RD C:\Users\Sale\Desktop\Internet programi
2018-03-19 18:21 - 2017-01-12 17:13 - 000000000 ___RD C:\Users\Sale\Desktop\Zastita i cistaci
2018-03-19 15:39 - 2017-01-17 10:11 - 000000000 ___RD C:\Users\Sale\Desktop\Operativni programi
2018-03-19 15:16 - 2017-05-06 12:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-19 15:16 - 2017-01-11 22:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-03-15 09:52 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2018-03-15 07:00 - 2017-01-12 16:20 - 000000000 ____D C:\Windows\system32\appraiser
2018-03-15 07:00 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-03-15 06:44 - 2017-01-12 00:11 - 000000000 ____D C:\Windows\system32\MRT
2018-03-15 06:38 - 2017-10-12 11:39 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-03-15 06:38 - 2017-01-12 00:10 - 130364688 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-03-13 20:07 - 2017-01-13 14:11 - 000804352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-03-13 20:07 - 2017-01-13 14:11 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-03-13 20:07 - 2017-01-13 14:11 - 000000000 ____D C:\Windows\system32\Macromed
2018-03-13 20:07 - 2017-01-13 13:33 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-03-13 20:07 - 2017-01-13 13:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-03-12 10:45 - 2017-01-12 19:06 - 000000000 ____D C:\Users\Sale\AppData\Local\Microsoft Help
2018-03-08 22:27 - 2018-01-30 21:12 - 000000000 ____D C:\Users\Sale\AppData\Local\Sony
2018-03-04 22:25 - 2017-12-25 08:37 - 000000000 ____D C:\Users\Sale\Desktop\za auto
2018-02-27 22:05 - 2018-01-18 16:23 - 000000000 ____D C:\Users\Sale\.openshot_qt
2018-02-27 02:05 - 2017-09-14 18:58 - 000000000 ____D C:\Users\Sale\Desktop\predavanja

==================== Files in the root of some directories =======

2017-01-12 23:04 - 2018-03-07 11:13 - 022803992 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2017-02-27 22:15 - 2017-03-01 08:24 - 000889271 _____ () C:\Users\Sale\AppData\Local\ars.cache
2017-02-27 22:16 - 2017-03-01 12:51 - 013099399 _____ () C:\Users\Sale\AppData\Local\census.cache
2017-11-22 18:29 - 2017-11-22 18:29 - 000003584 _____ () C:\Users\Sale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-27 15:34 - 2017-02-27 15:34 - 000000036 _____ () C:\Users\Sale\AppData\Local\housecall.guid.cache
2017-01-11 22:31 - 2017-12-22 21:35 - 000007667 _____ () C:\Users\Sale\AppData\Local\Resmon.ResmonCfg
2017-02-27 17:25 - 2017-02-27 23:07 - 000000010 _____ () C:\Users\Sale\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\hamachi.sys -> Access Denied <======= ATTENTION

LastRegBack: 2018-03-19 09:33

==================== End of FRST.txt ============================





offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

Open Notepad and copy the following text, which is inside the Code box.

FF user.js: detected! => C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\user.js [2017-06-30]
FF Extension: (System Table) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\622127@modext.tech.xpi [2018-02-27]


In Notepad, click File --> Save As
Under Encoding, choose UTF-8.
Name the file Fixlist and save it to the Desktop.
Double-click FRST.exe to run it again.
Click Fix and wait until the program finishes.
If the program asks to restart the computer, let it do so without interruption.
When it finishes, fixlog.txt will open, with contents that you should copy into the thread.
fixlog.txt will also be on the Desktop.
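
The fixlist above targets two things in the Firefox profile: a user.js file, which Firefox reads at every start and whose user_pref() values override the saved preferences, and an .xpi file in the profile's Extensions folder. As an added example (not part of the original posts and not FRST's own code), this Python script lists both for every profile folder so the state can be re-checked after the fix. The sample profile names, pref values and add-on id in it are constructed.

```python
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# user_pref("name", value); as written in user.js and prefs.js
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)


def parse_user_js(text):
    """Return {pref_name: raw_value}; string values lose their quotes."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        prefs[name] = raw[1:-1] if raw[:1] == '"' and raw[-1:] == '"' else raw
    return prefs


def audit_profile(profile):
    """Collect the two artefact kinds FRST listed, for one profile folder."""
    profile = Path(profile)
    report = {"profile": profile.name, "user_js": None, "prefs": {}, "extensions": []}
    user_js = profile / "user.js"
    if user_js.is_file():
        report["user_js"] = str(user_js)
        text = user_js.read_text(encoding="utf-8", errors="replace")
        report["prefs"] = parse_user_js(text)
    # Match the folder name case-insensitively ("Extensions" in the FRST log).
    for sub in profile.iterdir():
        if sub.is_dir() and sub.name.lower() == "extensions":
            for xpi in sorted(sub.glob("*.xpi")):
                mtime = datetime.fromtimestamp(xpi.stat().st_mtime, tz=timezone.utc)
                report["extensions"].append((xpi.stem, mtime.date().isoformat()))
    return report


def audit_profiles(profiles_root):
    """Audit every profile folder under ...\\Mozilla\\Firefox\\Profiles."""
    root = Path(profiles_root)
    return [audit_profile(p) for p in sorted(root.iterdir()) if p.is_dir()]


def build_sample(root):
    """Constructed profile tree for the demo; all values are made up."""
    prof = Path(root) / "abcd1234.default"
    (prof / "Extensions").mkdir(parents=True)
    (prof / "user.js").write_text(
        'user_pref("browser.startup.homepage", "http://search.example/");\n'
        '// comment line\n'
        'user_pref("browser.startup.page", 1);\n', encoding="utf-8")
    (prof / "Extensions" / "sample@addon.example.xpi").write_bytes(b"PK")
    (Path(root) / "clean.default").mkdir()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rep in audit_profiles(build_sample(tmp)):
            print(rep)
```

On a real machine, pass the Profiles folder shown in the log to audit_profiles(); a profile that never had a hand-made user.js should report user_js as None.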



offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Sale (25-03-2018 17:51:28) Run:1
Running from C:\Users\Sale\Desktop
Loaded Profiles: Sale (Available Profiles: Sale)
Boot Mode: Normal
==============================================

fixlist content:
*****************
FF user.js: detected! => C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\user.js [2017-06-30]
FF Extension: (System Table) - C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\622127@modext.tech.xpi [2018-02-27]
*****************

C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\user.js => moved successfully
C:\Users\Sale\AppData\Roaming\Mozilla\Firefox\Profiles\1yjtmeze.default-1484260374227\Extensions\622127@modext.tech.xpi => moved successfully

==== End of Fixlog 17:51:34 ====

I checked and I don't see any more of that junk.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

You need to pack the folder C:\FRST\Quarantine into an archive and send it to us.

Go into the folder C:\FRST
Right-click the Quarantine folder and choose the option Add to archive... as in the picture



For Archive format, choose RAR5 or RAR
For Compression method, select Best
In the Split to volumes, bytes field, enter 5000000 (in words: five million)
On the right side, tick the option Create Solid Archive (see the picture below)



Click OK
When WinRAR finishes compressing, upload the resulting files (one by one) to:
[Link visible only to logged-in users]

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

There was only one file, I just sent it.

offline
  • Joined: 26 Aug 2010
  • Posts: 10622
  • Location: Hypnos Control Room, Tokyo Metropolitan Government Building

The following procedure will carry out the final cleanup.

Download "Xplode"'s DelFix tool and save it to the Desktop.
Double-click to run the tool and tick the boxes in front of the following options:

Remove disinfection tools
Create registry backup
Purge System Restore


Click the Run button and wait a moment until the tool finishes its work.
From this point on, all tools used in this thread should be deleted.
The tool will also create a report for you. (C:\DelFix.txt)

The tool will also save a healthy state of the registry and make a backup using the integrated program "ERUNT" in %windir%\ERUNT\DelFix
The tool deletes old System Restore points and creates a new, fresh point after the cleanup.

offline
  • goust  Male
  • Elite citizen
  • Joined: 09 Apr 2005
  • Posts: 1799

A big THANK YOU!
